Vulnerability Description
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Patrol | <= 9.13.10.01 |
Related Weaknesses (CWE)
References
- http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-pExploitPatchThird Party Advisory
- http://www.securityfocus.com/bid/95009Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037385
- http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-pExploitPatchThird Party Advisory
- http://www.securityfocus.com/bid/95009Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037385
FAQ
What is CVE-2016-9638?
CVE-2016-9638 is a vulnerability with a CVSS score of 7.8 (HIGH). In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. T...
How severe is CVE-2016-9638?
CVE-2016-9638 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9638?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Patrol.